Why a recession requires a value-based approach to privacy

Building a culture of continuous privacy compliance boosts trust, protects customers and minimises the risk of data breaches and fines – whatever the economic climate

By Emma Sheppard


November 2022

Experts are convinced the UK will enter a period of recession in 2023 – and it may be deeper than first expected. Goldman Sachs has predicted the UK economy will shrink by 1% next year, down from its previous forecast of a 0.4% downturn. Energy bills are skyrocketing, corporation tax will increase to 25% from April 2023, and interest rates are climbing fast. The Bank of England predicts inflation will reach as high as 13%, contributing to a cost of living crisis that will affect almost everybody in society.  

It’s a difficult time for business leaders. Investments will become harder to justify and many will be looking to find efficiencies to help their organisations survive an economic downturn. But privacy doesn’t have to be on the chopping block, providing organisations invest in the most cost-effective solution.

Privacy boosts trust

During a recession, customers tend to think more carefully about the money they spend. As household budgets tighten, the cash available for non-essential purchases falls and shoppers often shift to buying cheaper brands or do more research before making a purchase. But the more loyal a customer is to a company, the less vulnerable that relationship is to economic swings. 

Privacy is a real USP for brands. Tech giants Apple and Google, for example, have been running ad campaigns around how they put privacy at the top of the priority list. A third of UK organisations lose customers after a data breach and four in 10 customers say they won’t return to a business after a security issue. 

During a recession, organisations don’t need to give a single customer an excuse to shift elsewhere. They need to inspire confidence. That’s also true for investor relationships – there’s now a much higher bar set for competence around data privacy for those companies seeking investment. Those that don’t get this right may find themselves passed over, or facing unnecessary anxiety. 

Hackers increase their activity during downturns

Businesses of all sizes and sectors are vulnerable to cyber attacks and data breaches. It’s an ever evolving threat that requires regular training and vigilance. But it’s also true that hackers tend to take advantage of a slower economy, becoming more active and utilising new tactics to find vulnerabilities. During the Covid-19 pandemic, for example around 35% of cyberattacks used previously unseen malware or methods.

According to Accenture, the average number of attempted cyberattacks per company rose 31% between 2020 and 2021, based on its annual survey of more than 4,700 chief information security officers (CISOs) around the world. Eight in 10 said staying ahead of attackers is a constant battle. That supports a recent PwC poll that found business leaders ranked cybersecurity as the number one risk facing their companies, meaning they believe hackers pose a bigger threat than inflation or a recession. 

A cost-effective privacy management programme enables organisations to build a culture of continuous privacy compliance for the long term. Hiring a privacy consultant may seem like an easy choice but they will never know a business as well as your own people do (and they can charge upwards of £1,000 a day). The Privacy Compliance Hub on the other hand enables leaders to understand and confidently implement what is required. It provides relatable training content, data protection assurance, and access to powerful reporting tools. Plus the platform starts at only £595 per month. 

If you want more practical content like this article, please click below to sign up for our monthly newsletter.

Sign up now

Hybrid teams need privacy training

One of the vulnerabilities hackers were able to take advantage of during the Covid-19 pandemic was more staff working from home. Employees had less supervision and fewer technical controls, many were using personal devices or unsecured Wi-Fi networks, and others were more likely to click on phishing email links. Post pandemic, many companies have continued their hybrid work policy, with employees combining remote working with time at the office. 

With good privacy training included as part of a comprehensive privacy management programme, businesses can empower employees to make the best use of the data at their fingertips, while treating that information in a respectful way. It’ll boost productivity by avoiding a data breach that could derail operations, and teach everyone what to do if an incident occurs. When employees understand privacy, they care about it. And when they care about it, they’re willing to do their bit to keep information safe – whether they’re working in the office or not. 

The ICO will continue to hand out fines

The UK’s Information Commissioner’s Office (ICO) recently gave notice of its intention to fine TikTok £27m for breaching the Children’s Code. It’s already fined more than 25 companies in 2022 alone, many of which have been SMEs. Easylife Limited for example, made more than a million unsolicited direct marketing calls to customers having profiled them to predict their health conditions and was subsequently fined £1.48m by the ICO. And Halfords was fined £30,000 for sending almost half a million unsolicited marketing emails to people without their consent. 

Businesses could do without a fine at the best of times. But during a recession when money is tight, it’s really best avoided. CEOs worldwide rank cybersecurity as a top 10 risk but only 37% say they’re well prepared and 64% of C-suite executives believe their board has a below par understanding of data security and data privacy. When the worst happens, everyone sits up and pays attention. But of course, it’s often too late by then.

Answer our GDPR compliance checklist questions and we will email you an objective, personalised audit report within minutes, completely free of charge.

Get your audit

Privacy is mission critical

Privacy and security are two areas experts believe are almost ‘recession proof’ because they are as important, if not more so, during recessions than during more economically prosperous conditions. During the 2008/9 recession, one survey covering America, Europe and the Asia Pacific region, found 31% of organisations were planning to increase budgets for outside privacy help. Only 13% were planning to reduce it. And that was, of course, before regulations such as the GDPR came into effect. 

The average length of a recession is 13 months. As with during the pandemic, such uncertainty can be a catalyst for reflection and innovation, rather than cost-cutting. Forrester predicts 80% of companies will shift their innovation spending from creativity to resilience, and overall, companies will do “less data collection and more listening” when it comes to privacy. That means understanding the data a business holds and what it’s being used for. Not only is this one of the first steps in a privacy management programme, but leaders may spot business opportunities that haven’t yet been fully explored. 

It’s a difficult time for many organisations who may not feel it’s ‘business as usual’. But privacy continues to be a real business imperative – whether the UK is in recession or not. As always, it pays to put privacy first.

More to watch and read